Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2279
HistoryOct 24, 2023 - 1:59 p.m.

Advisory ROSA-SA-2023-2279

2023-10-2413:59:56
ROSA LAB
abf.rosalinux.ru
14
bind 9.11.4
rosa-server79
cache database
max-cache-size
memory utilization
yum update bind
denial of service
tcp port
vulnerability
recursion
memory boundaries
resolved
unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

52.0%

Software: bind 9.11.4
OS: rosa-server79

package_evr_string: bind-9.11.4-26.P2.res7.15.x86_64.rpm

CVE-ID: CVE-2023-2828
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Each named instance configured to act as a recursive resolver maintains a cache database containing responses to queries it has recently sent to authoritative servers. The size limit for this cache database can be configured using the max-cache-size statement in the configuration file; the default is 90% of the total memory available on the host. When the cache size reaches 7/8 of the configured limit, the cache cleanup algorithm starts removing expired and/or recently used RRset from the cache to keep memory utilization below the configured limit. It was found that the effectiveness of the cache clearing algorithm used in named can be significantly reduced by requesting the recognizer to retrieve specific RRsets in a specific order, effectively allowing the configured max-cache-size limit to be significantly exceeded.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update bind command

CVE-ID: CVE-2023-3341
BDU-ID: 2023-06079
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the named DNS server daemon BIND is related to an operation exceeding buffer boundaries in memory as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending specially crafted packets through a configured control channel TCP port
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update bind command

OSVersionArchitecturePackageVersionFilename
rosaanynoarchbind< 9.11.4UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

52.0%